From 3f1fcacffc247614f41ebdd1bb79a3e9c08dc050 Mon Sep 17 00:00:00 2001
From: jay
Date: Sun, 29 Jun 2025 13:44:40 -0400
Subject: [PATCH] Add security setup.
---
 nodes/hosts/common/configuration.nix | 1 +
 nodes/hosts/common/system/security.nix | 29 ++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 nodes/hosts/common/system/security.nix
diff --git a/nodes/hosts/common/configuration.nix b/nodes/hosts/common/configuration.nix
index debc6af..e71bf3c 100644
--- a/nodes/hosts/common/configuration.nix
+++ b/nodes/hosts/common/configuration.nix
@@ -17,6 +17,7 @@
 ./services/sound.nix
 ./system/bluetooth.nix
 ./system/locale.nix
+ ./system/security.nix
 ./system/time.nix
 ./system/users.nix
 ];
diff --git a/nodes/hosts/common/system/security.nix b/nodes/hosts/common/system/security.nix
new file mode 100644
index 0000000..9bdc475
--- /dev/null
+++ b/nodes/hosts/common/system/security.nix
@@ -0,0 +1,29 @@
+{ pkgs, lib, ... }: {
+ security = {
+ rtkit.enable = true;
+ pam.services.hyprlock = {};
+
+ polkit = {
+ enable = true;
+ adminIdentities = [
+ "unix-group:wheel"
+ ];
+ };
+
+ sudo = {
+ enable = lib.mkForce false;
+ };
+
+ sudo-rs = {
+ enable = true;
+ wheelNeedsPassword = true;
+ execWheelOnly = true;
+ };
+ };
+
+ environment.systemPackages = [
+ pkgs.vulnix
+ ];
+}
+
+
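Review bot: In the new `security.nix`, `pkgs.vulnix` is only added to `environment.systemPackages`, so nothing in this file runs a scan; unless a timer or CI job elsewhere in the repo invokes it, the hosts gain the tool but no vulnerability reporting. If that is intended, a comment such as `# vulnix is run manually; no scheduled scan is configured here` would make it explicit. The `enable = lib.mkForce false;` line under `sudo` also deserves a short comment, for example `# classic sudo is replaced by sudo-rs below; mkForce so a plain host-level enable cannot bring it back` (if that is the intent), because mkForce silently overrides a normal-priority host definition instead of surfacing a conflict at evaluation time. Since `execWheelOnly = true` sits in the common profile, each host importing it presumably needs at least one wheel member with a usable password; that is worth confirming for hosts not visible in this patch.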